Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in the
application:

Listing of Claims: 

1. (Original) A delegation method, implemented in a delegation system,
comprising the steps of: 

providing delegation policies as general rules for limiting delegation; 

receiving a delegation condition and a delegation approval submitted by a
grantor for vesting authority of the grantor's role to a grantee, wherein the
grantor's role is designated the authority to access a set of data; and

determining consequent authority vested to the grantee based on the delegation 
approval, the delegation condition and the delegation policies. 

2. (Original) The method as claimed in claim 1, wherein the delegation condition
is presented in extensible markup language (XML). 

3. (Original) The method as claimed in claim 1, wherein the delegation condition
comprises a static condition for limiting the vested authority. 

4. (Original) The method as claimed in claim 3, wherein the static condition 
comprises at least a total time condition, a time condition, a location condition or a 
function condition. 

5. (Original) The method as claimed in claim 1, wherein the delegation condition
comprises a dynamic condition for limiting the vested authority.

6. (Original) The method as claimed in claim 5, wherein the dynamic condition 
comprises at least a session condition or a group condition. 

7. (Original) The method as claimed in claim 1, further comprising the steps of:

storing the vested consequent authority as consequent delegation information;

creating a temporary role according to the consequent delegation information
using a role-based system; and

designating the temporary role to the grantee.

8. (Original) The method as claimed in claim 1, wherein the determining step
further comprises the steps of: 

determining whether the delegation condition satisfies the delegation policies; 

adjusting the delegation condition to the delegation policies when the delegation 
condition does not satisfy the delegation policies; and 

acquiring a consequent delegation condition, where the consequent delegation 
condition comprises, when the delegation condition does not satisfy the 
delegation policies, the adjusted delegation condition or, when the 
delegation condition satisfies the delegation policies, comprises the 
delegation condition. 

9. (Original) The method as claimed in claim 8, further comprising the steps of:

determining whether usage of the set of data satisfies the consequent delegation
condition; and

retracting the vested authority when usage of the set of data does not satisfy the 
consequent delegation condition. 

10. (Original) A delegation device, comprising: 

a memory storing delegation policies as general rules for limiting delegation; 

a receiving unit for receiving a delegation condition and a delegation approval 
submitted by a grantor for vesting authority of the grantor's role to a 
grantee, wherein the grantor's role is designated the authority to access a 
set of data; and 

a processing unit for determining consequent authority vested to the grantee 
based on the delegation approval, the delegation condition and the 
delegation policies. 

11. (Original) The device as claimed in claim 10, wherein the delegation condition
comprises a static condition for limiting the vested authority. 

12. (Original) The device as claimed in claim 10, wherein the delegation condition 
comprises a dynamic condition for limiting the vested authority. 

13. (Original) The device as claimed in claim 10, wherein the processing unit
further determines whether the delegation condition satisfies the delegation policies, 
adjusts the delegation condition to the delegation policies when the delegation condition 
does not satisfy the delegation policies, and acquires a consequent delegation 
condition, where the consequent delegation condition comprises, when the delegation 
condition does not satisfy the delegation policies, the adjusted delegation condition or, 
when the delegation condition satisfies the delegation policies, comprises the delegation 
condition. 

14. (Original) The device as claimed in claim 13, wherein the processing unit 
further determines whether usage of the set of data satisfies the consequent delegation 
condition, and retracting the vested authority when usage of the set of data does not 
satisfy the consequent delegation condition. 

15. (Original) A machine-readable storage medium storing a computer program 
which, when executed, directs a computer to perform a delegation method, comprising 
the steps of: 

receiving a delegation condition and a delegation approval submitted by a
grantor for vesting authority of the grantor's role to a grantee, wherein the
grantor's role is designated the authority to access a set of data;

reading delegation policies as general rules for limiting delegation; and

determining consequent authority vested to the grantee based on the delegation
approval, the delegation condition and the delegation policies.

16. (Original) The machine-readable storage medium as claimed in claim 15,
wherein the delegation condition comprises a static condition for limiting the vested 
authority. 

17. (Original) The machine-readable storage medium as claimed in claim 15, 
wherein the delegation condition comprises a dynamic condition for limiting the vested 
authority. 

18. (Original) The machine-readable storage medium as claimed in claim 15, 
wherein the delegation method further comprises the steps of: 

storing the vested consequent authority as consequent delegation information;

creating a temporary role according to the consequent delegation information
using a role-based system; and

designating the temporary role to the grantee.

19. (Original) The machine-readable storage medium as claimed in claim 15, 
wherein the determining step further comprises the steps of: 

determining whether the delegation condition satisfies the delegation policies;

adjusting the delegation condition to the delegation policies when the delegation
condition does not satisfy the delegation policies; and

generating a consequent delegation condition, where the consequent delegation
condition comprises, when the delegation condition does not satisfy the
delegation policies, the adjusted delegation condition or, when the
delegation condition satisfies the delegation policies, comprises the
delegation condition.

20. (Original) The machine-readable storage medium as claimed in claim 19, 
wherein the delegation method further comprises the steps of: 

determining whether usage of the set of data satisfies the consequent delegation 
condition; and 

retracting the vested authority when usage of the set of data does not satisfy the 
consequent delegation condition. 